Hacker Penetrates T-Mobile Systems - and then can maybe go work for the government!?!

If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Hacker Penetrates T-Mobile Systems - and then can maybe go work for the government!?!

I was scanning various security news today and came across this:

Hacker penetrates T-Mobile systems

By Kevin Poulsen, SecurityFocus Jan 11 2005 7:43PM
Click here for Core Impact!
A sophisticated computer hacker had access to servers at wireless giant T-Mobile for at least a year, which he used to monitor U.S. Secret Service e-mail, obtain customers' passwords and Social Security numbers, and download candid photos taken by Sidekick users, including Hollywood celebrities, SecurityFocus has learned.

Twenty-one year-old Nicolas Jacobsen was quietly charged with the intrusions last October, after a Secret Service informant helped investigators link him to sensitive agency documents that were circulating in underground IRC chat rooms. The informant also produced evidence that Jacobsen was behind an offer to provide T-Mobile customers' personal information to identity thieves through an Internet bulletin board, according to court records.

Jacobsen could access information on any of the Bellevue, Washington-based company's 16.3 million customers, including many customers' Social Security numbers and dates of birth, according to government filings in the case. He could also obtain voicemail PINs, and the passwords providing customers with Web access to their T-Mobile e-mail accounts. He did not have access to credit card numbers.

The case arose as part of the Secret Service's "Operation Firewall" crackdown on Internet fraud rings last October, in which 19 men were indicted for trafficking in stolen identity information and documents, and stolen credit and debit card numbers. But Jacobsen was not charged with the others. Instead he faces two felony counts of computer intrusion and unauthorized impairment of a protected computer in a separate, unheralded federal case in Los Angeles, currently set for a February 14th status conference.
On July 28th the informant gave his handlers proof that their own sensitive documents were circulating in the underground marketplace they'd been striving to destroy.
The government is handling the case well away from the spotlight. The U.S. Secret Service, which played the dual role of investigator and victim in the drama, said Tuesday it couldn't comment on Jacobsen because the agency doesn't discuss ongoing cases-- a claim that's perhaps undermined by the 19 other Operation Firewall defendants discussed in a Secret Service press release last fall. Jacobsen's prosecutor, assistant U.S. attorney Wesley Hsu, also declined to comment. "I can't talk about it," Hsu said simply. Jacobsen's lawyer didn't return a phone call.

T-Mobile, which apparently knew of the intrusions by July of last year, has not issued any public warning. Under California's anti-identity theft law "SB1386," the company is obliged to notify any California customers of a security breach in which their personally identifiable information is "reasonably believed to have been" compromised. That notification must be made in "the most expedient time possible and without unreasonable delay," but may be postponed if a law enforcement agency determines that the disclosure would compromise an investigation.

Company spokesman Peter Dobrow said Tuesday that nobody at T-Mobile was available to comment on the matter.

Cat and Mouse Game
According to court records the massive T-Mobile breach first came to the government's attention in March 2004, when a hacker using the online moniker "Ethics" posted a provocative offer on muzzfuzz.com, one of the crime-facilitating online marketplaces being monitored by the Secret Service as part of Operation Firewall.

"[A]m offering reverse lookup of information for a t-mobile cell phone, by phone number at the very least, you get name, ssn, and DOB at the upper end of the information returned, you get web username/password, voicemail password, secret question/answer, sim#, IMEA#, and more," Ethics wrote.

The Secret Service contacted T-Mobile, according to an affidavit filed by cyber crime agent Matthew Ferrante, and by late July the company had confirmed that the offer was genuine: a hacker had indeed breached their customer database,

At the same time, agents received disturbing news from a prized snitch embedded in the identity theft and credit card fraud underground. Unnamed in court documents, the informant was an administrator and moderator on the Shadowcrew site who'd been secretly cooperating with the government since August 2003 in exchange for leniency. By all accounts he was a key government asset in Operation Firewall.

On July 28th the informant gave his handlers proof that their own sensitive documents were circulating in the underground marketplace they'd been striving to destroy. He'd obtained a log of an IRC chat session in which a hacker named "Myth" copy-and-pasted excerpts of an internal Secret Service memorandum report, and a Mutual Legal Assistance Treaty request from the Russian Federation. Both documents are described in the Secret Service affidavit as "highly sensitive information pertaining to ongoing USSS criminal cases."

At the agency's urging, the informant made contact with Myth, and learned that the documents represented just a few droplets in a full-blown Secret Service data spill. The hacker knew about Secret Service subpoenas relating to government computer crime investigations, and even knew the agency was monitoring his own ICQ chat account.

Myth refused to identify the source of his informational largesse, but agreed to arrange an introduction. The next day Myth, the snitch, and a third person using the nickname "Anonyman" met on an IRC channel. Over the following days, the snitch gained the hacker's trust, and the hacker confirmed that he and Ethics were one and the same. Ethics began sharing Secret Service documents and e-mails with the informant, who passed them back to the agency.

Honeypot Proxy
By August 5th the agents already had a good idea what was going on, when Ethics made a fateful mistake. The hacker asked the Secret Service informant for a proxy server -- a host that would pass through Web connections, making them harder to trace. The informant was happy to oblige. The proxy he provided, of course, was a Secret Service machine specially configured for monitoring, and agents watched as the hacker surfed to "My T-Mobile," and entered a username and password belonging to Peter Cavicchia, a Secret Service cyber crime agent in New York.

Cavicchia was the agent who last year spearheaded the investigation of Jason Smathers, a former AOL employee accused of stealing 92 million customer e-mail addresses from the company to sell to a spammer. The agent was also an adopter of mobile technology, and he did a lot of work through his T-Mobile Sidekick -- an all-in-one cellphone, camera, digital organizer and e-mail terminal. The Sidekick uses T-Mobile servers for e-mail and file storage, and the stolen documents had all been lifted from Cavicchia's T-Mobile account, according to the affidavit. (Cavicchia didn't respond to an e-mail query from SecurityFocus Tuesday.)

By that time the Secret Service already had a line on Ethics' true identity. Agents had the hacker's ICQ number, which he'd used to chat with the informant. A Web search on the number turned up a 2001 resume for the then-teenaged Jacobsen, who'd been looking for a job in computer security. The e-mail address was listed as ethics@netzero.net.

The trick with the proxy honeypot provided more proof of the hacker's identity: the server's logs showed that Ethics had connected from an IP address belonging to the Residence Inn Hotel in Buffalo, New York. When the Secret Service checked the Shadowcrew logs through a backdoor set up for their use -- presumably by the informant -- they found that Ethics had logged in from the same address. A phone call to the hotel confirmed that Nicolas Jacobsen was a guest.

Snapshots Compromised
Eight days later, on October 27th, law enforcement agencies dropped the hammer on Operation Firewall, and descended on fraud and computer crime suspects across eight states and six foreign countries, arresting 28 of them. Jacobsen, then living in an apartment in Santa Ana in Southern California, was taken into custody by the Secret Service. He was later released on bail with computer use restrictions.

Jacobsen lost his job at Pfastship Logistics, an Irvine, California company where he worked as a network administrator, and he now lives in Oregon.

The hacker's access to the T-Mobile gave him more than just Secret Service documents. A friend of Jacobsen's says that prior to his arrest, Jacobsen provided him with digital photos that he claimed celebrities had snapped with their cell phone cameras. "He basically just said there was flaw in the way the cell phone servers were set up," says William Genovese, a 27-year-old hacker facing unrelated charges for allegedly selling a copy of Microsoft's leaked source code for $20.00. Genovese provided SecurityFocus with an address on his website featuring what appears to be grainy candid shots of Demi Moore, Ashton Kutcher, Nicole Richie, and Paris Hilton.

The swiped images are not mentioned in court records, but a source close to the defense confirmed Genovese's account, and says Jacobsen amused himself and others by obtaining the passwords of Sidekick-toting celebrities from the hacked database, then entering their T-Mobile accounts and downloading photos they'd taken with the wireless communicator's built-in camera.

The same source also offers an explanation for the secrecy surrounding the case: the Secret Service, the source says, has offered to put the hacker to work, pleading him out to a single felony, then enlisting him to catch other computer criminals in the same manner in which he himself was caught. The source says that Jacobsen, facing the prospect of prison time, is favorably considering the offer.

One of the parts I question is 'turning' criminals back to work for the government! I know that is not a new process, but does this type of thinking allow for people to find jobs? Meaning that the hacker caught, Jacobsen, was looking for a job in the first place. Now, if he decides to work for the government, he will have a job - and he broke the law and caused an untold amount of monetary and production damage. My analysis of course could be renedered as an over-simplification and/or brushed off, but what is the message that the government is trying to send? Would this story encourage other people to brush up on their skills, just enough to stand out, get caught and then go work for the government?

Thoughts please?

\"An ant may well destroy a whole dam.\" - Chinese Proverb
\"Not only can water float a craft, it can sink it also.\" - Chinese Proverb

a few guys who where in the virus/cracking sceen in the early to mid 90's with me are now NSA, so this dose not shock me. Hey if he has the skills and will be as loyal as any of us in this mercenary feild why shouldn't the goverment hire him?

If he doesn't have any problem with having double standards, it'll probably be a dream job for him. But like I said, he'd have to get over the fact that he'll be helping to arrest people doing exactly what he did :P

The only people who feel sorry for cell phone companies are the ones who have never worked for one.

These companies are so insecure most of you would ditch a contract phone if you knew what happens.

Give me a nice sum of something I want and I'll give you access to customers all you want. It's not like Tmobile or any of the other moron dealers make you swear into secrecy when you work with them and find out they are ****ing IDIOT like in nature.

Why they call half of the **** they do a secret is beyond me. Anyone here work at a pharmacy and want to make some trades?

They (the goverment) probably figure they could use him, and they'll be keeping him off the streets. Win-win situation. Something I've seen throughout the years about the U.S. is that what they do mostly benifts them more than the other party.

WARNING: THIS SIGNATURE IS SHAREWARE PLEASE REGISTER THIS SIGNATURE BY SENDING ME MONEY TO SEE THE COMPLETE SIGNATURE!

From the articleT-Mobile, which apparently knew of the intrusions by July of last year, has not issued any public warning. Under California's anti-identity theft law "SB1386," the company is obliged to notify any California customers of a security breach in which their personally identifiable information is "reasonably believed to have been" compromised. That notification must be made in "the most expedient time possible and without unreasonable delay," but may be postponed if a law enforcement agency determines that the disclosure would compromise an investigation.

Just came accross this in one of my courses:

Boone & Kurtz, Contemporary Business, 11th edition, p. 245A "cyber disclosure" law is being implemented in California, which mandates companies to report security instrusions that jeopardize customer information such as Social Security numbers and bank account data. Companies must notife customers if their information has been viewed without authorization. The impact of the law is still uncertain.

If he's good at what he does why not give him a job...there's an infamous Canadian who was a lawyer, policeman, and a doctor aboard a U.S. Navy ship, all with forged credentials, and nobody knew until after he died because he performed each job very well...then there's that movie with SpongeBob's illegitimate son Leonardo DeCapria who was offered a job after he was caught...if you're good at it...and someone offers you a chance to be legit...why not ?